Windows stores a hash of the password, or more precisely a hash of a hash of the password. Generally speaking, if you have physical access to a machine you can always bypass the logon security anyway, so it doesn't really matter. In the rare situations where it does, the administrator can disable the functionality as Mayank has already explained.
– Harry Johnston Feb 28 '13 at 2:44

1 Answer
1

Windows will cache your account information locally after you log in to the machine once.

If the DC can't be reached the next time you try to log in, it will use the cached settings. This might be useful for laptops which might be needed to work off the network.

About the security issues: when you log on to Windows by using cached logon information, if the domain controller is unavailable to validate your account, you cannot access network resources that require domain validation. However, you can access network resources that do not require domain validation.

(For Server 2k8) There is a GPO to control logon caching: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)". You can find it under [Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options].
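One way to audit the setting that this GPO controls, as an added example that is not part of the original answer: the policy is stored in the `CachedLogonsCount` registry value under the Winlogon key. The function name `Test-CachedLogonPolicy` and the `MaxAllowed` baseline of 2 are assumptions chosen for illustration.

```powershell
# Added example: report how many previous logons this machine may cache
# and compare that against a baseline. Test-CachedLogonPolicy and the
# default MaxAllowed value are hypothetical, not taken from the page.
function Test-CachedLogonPolicy {
    [CmdletBinding()]
    param(
        # The policy accepts values from 0 (caching disabled) to 50.
        [ValidateRange(0, 50)]
        [int]$MaxAllowed = 2
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $name = 'CachedLogonsCount'

    # The value is stored as a string (REG_SZ) and may be absent.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $raw  = if ($item) { $item.$name } else { $null }

    $count = 0
    if ($null -eq $raw) {
        $status = 'NotConfigured'      # value absent: the OS default applies
        $count  = $null
    }
    elseif (-not [int]::TryParse([string]$raw, [ref]$count)) {
        $status = 'Unparseable'        # unexpected content, review manually
        $count  = $null
    }
    elseif ($count -eq 0)           { $status = 'CachingDisabled' }
    elseif ($count -le $MaxAllowed) { $status = 'WithinBaseline' }
    else                            { $status = 'ExceedsBaseline' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RawValue     = $raw
        CachedLogons = $count
        MaxAllowed   = $MaxAllowed
        Status       = $status
    }
}

Test-CachedLogonPolicy -MaxAllowed 2
```

A result of `CachingDisabled` means domain users cannot log on while the DC is unreachable, which matters for the off-network laptop case described above.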